Cross Reference: /ontohub/lib/permissionable.rb
permissionable.rb revision d62eba79f306957dd89ea9d3313600e98e2a8beb
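# Mixin that attaches polymorphic permissions to a model and adds the role
# check used to decide whether a user may act on that item.
#
# Including the module declares `has_many :permissions, :as => :item` on the
# host class and provides #permission?.
module Permissionable
  extend ActiveSupport::Concern

  included do
    has_many :permissions, :as => :item
  end

  # Decides whether +user+ holds +role+ on this item. Deny is the default:
  # every path that does not explicitly match ends in false.
  #
  # role - Symbol, either :owner or :editor. Any other value is denied
  #        (the include? test compares against symbols only).
  # user - the account to check. Anything that is not a User is denied.
  #
  # Returns true or false.
  def permission?(role, user)
    # Deny if role is unknown or user is the wrong kind of object.
    return false unless [:owner, :editor].include?(role)
    return false unless user.is_a?(User)

    # Allow any admin user. A User without an admin? method is treated as a
    # non-admin; any other failure raised by admin? now propagates instead of
    # being hidden by a blanket `rescue nil`, so a broken lookup in this
    # access check is visible rather than silently read as "not an admin".
    return true if user.respond_to?(:admin?) && user.admin?

    # Retrieve direct user permissions.
    # NOTE(review): Permission.item and .subject are defined outside this
    # file; presumably they scope by item and by subject -- confirm.
    # @perms stays an instance variable because nothing visible here shows
    # whether an including class reads it; a local would do otherwise.
    @perms = Permission.item(self).subject(user).all

    # Retrieve permissions through each team the user belongs to. Each team's
    # result is appended as one nested element, hence the flatten below.
    user.teams.each do |team|
      @perms << Permission.item(self).subject(team).all
    end

    # Allow if any permission matches the requested role; an 'owner'
    # permission also satisfies a request for :editor. With no permissions
    # at all this is false, i.e. deny.
    @perms.flatten.any? do |perm|
      perm.role == role.to_s || (perm.role == 'owner' && role == :editor)
    end
  end
end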